113 Technology Risk jobs in Thailand

The Technology Risk involves overseeing technology risk management across banking and digital asset subsidiaries, ensuring alignment with the parent company's standards and regulatory requirements. This role includes establishing governance frameworks, reporting risk management performance, resolving technology-related incidents, enforcing policies, providing expert advice, managing exemption requests, and developing training programs to promote risk awareness and continuous improvement.

• Oversee the technology risk management practices of banking and digital asset subsidiaries to ensure they align with the parent company's standards and regulatory requirements.
• Establish a robust governance framework to monitor and control technology risks across all subsidiaries.
• Ensure regular and detailed reporting of technology risk management performance, including key metrics and risk indicators, to senior management and the board of directors.
• Oversee the reporting of any technology-related incidents or anomalies, ensuring timely communication and resolution.
• Communicate and enforce technology risk management policies and standards across all subsidiaries, ensuring that all relevant stakeholders are aware of and adhere to these guidelines.
• Provide expert advice and support to subsidiaries on technology risk management issues, helping them to implement best practices and mitigate risks effectively.

If you meet below qualifications and are ready to take on a challenging role, we encourage you to apply.

• Bachelor's degree or higher in Information Technology, Cybersecurity, Risk Management, or a related field.
• Relevant work experience at least 5 years of experience in technology risk management.
• Proficiency in identifying, evaluating, and mitigating technology risks.
• Knowledge of regulatory requirements and best practices in IT governance.
• Familiarity with risk management frameworks and tools, such as NIST, ISO 27001, and COBIT.
• Ability to effectively communicate risk-related information to stakeholders at all levels both Thai and English.
• Commitment to staying updated with the latest trends and developments in technology risk management.

At EY, we're all in to shape your future with confidence.

We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

The opportunity:
Our IT Audit support service are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements.

Your key Responsibilities:

• IT Audit (business and IT processes) as part of Financial Audit.
• Review automated controls / IT security of well-known Operating Systems and DBMSs
• Review ERP e.g. SAP, Oracle etc for business operations.
• Work includes conduct/examine internal audits of client's established internal controls and procedures to evaluate the effectiveness of clients' information-related controls and processes and associated risk exposures. Identify weak of IT processes that cause business risks. Documenting the test findings and remediation testing.
• Participate in the meeting with client's top management to report and recommend on IT general controls and automated controls.
• Provide support, maintain communication, assist team in accomplishing audit objectives and updating senior team members on progress.
• Clients include multinational and more than 30% SET-listed companies with many business types.

Skills And Attributes For Success
To qualify for the role, you must have

• Bachelor's degree in MIS, Computer Science, Computer Engineering, IT or other related fields.
• 1 year of experience for Consultant level and fresh graduates are welcome.
• 2 year+ of experience for Senior Consultant level
• Effective command of verbal and written both Thai and English.
• Strong analytical skills, detailed and results oriented, problem solving, interpersonal and leadership skills.
• Adaptable and be able to work upcountry.

Ideally, you'll also have

• Similar experience in Big 4 is preferred.
• Experience in Operation System, DBMS, ERP, and IT audit is advantage.

What We Look For
As a global leader in assurance, IT Audit support services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better

What We Offer
At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.

Are you ready to shape your future with confidence? Apply today.

To help create an equitable and inclusive experience during the recruitment process, please inform us as soon as possible about any disability-related adjustments or accommodations you may need.

EY | Building a better working world
EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Job Description

• Collaborate with all stakeholder to perform risk assessments, which comprise analyzing, identifying, evaluating, and moniting & reporting risks that impact all business risks
• Ensure the IT Third-party Risk Management (IT TPRM) program aligns with internal policy, and external regulatory requirements
• Work closely with all stakeholders to identify risks, mitigate the risks while engaging third-parties to provide products and services to the company
• Oversee the ongoing treatment of identified technology risks and ensure the remediation plans can be closed in a timely manner
• Regularly report to the company's senior management and board of directors on the cybersecurity and technology risks and risk management practices
• Provide advice to Head of Risk Management on assurance and controls oversight related to technology risk
• Create and maintain an external network with other Technology Risk managers, and relevant risk forums
• Collaborate and maintain good communication channels with other risk partners, such as Operational Risk Management, Compliance & Legal, People and Reputation risk

Job Summary:

As a Core team member of Technology risk team, this role will oversee the organization's comprehensive controls and Technology risk management program, identify, assess, monitor, control and mitigate Technology risks within organization, as well as collaborate together with first line of defense on potential risks, mitigation and improvement within their information systems and technological needs to safeguard business goals and strategies. This role will work on a group-wide of Technology Risk including IT Compliance and IT Internal Audit. Promoting risk-awareness culture to all staff.

Job Description:

• Collaborate with all stakeholder to perform risk assessments, which comprise analyzing, identifying, evaluating, and moniting & reporting risks that impact all business risks
• Ensure the IT Third-party Risk Management (IT TPRM) program aligns with internal policy, and external regulatory requirements
• Work closely with all stakeholders to identify risks, mitigate the risks while engaging third-parties to provide products and services to the company
• Oversee the ongoing treatment of identified technology risks and ensure the remediation plans can be closed in a timely manner
• Regularly report to the company's senior management and board of directors on the cybersecurity and technology risks and risk management practices
• Provide advice to Head of Risk Management on assurance and controls oversight related to technology risk
• Create and maintain an external network with other Technology Risk managers, and relevant risk forums
• Collaborate and maintain good communication channels with other risk partners, such as Operational Risk Management, Compliance & Legal, People and Reputation risk

Qualification:

• At least 3-5 years work experience with relevant second or third line of defense in IT risk experience preferred
• Experiences or strong passion in FinTech company or banking industry
• Strong knowledge of IT Third-party risk management
• Sound understanding of applicable laws, regulations, and industry best practices
• Practical knowledge of Cyber & Technology risks, technical skills and practices
• Ability to work well in a small, collaborative team
• Willingness to learn new knowledge and skills in growing and adapting to new conditions and challenges.
• Professional certifications such as CRISC, CISM, CC, CEH, or ISMS are desirable

About Us

Do you want to be part of Thailand banking transformation? Data is the core of the new financial services era, and we are open for the opportunity to be part to drive this change at the core.

SCB DATAx is a new venture of the Siam Commercial Bank (SCB) holdings, a leading financial services and digital services holdings in Thailand and ASEAN.

As part of the transformation of SCB into a group of product and technology companies, under the SCBx brand, SCB DATAx is the technology company to centralize data and provide AI and data science services and products to the group.

With a leading-edge cloud native data & AI platform, our vision is to support the group to providing everyone in our region with the opportunity to prosper.

We work on forward-thinking challenges of centralizing, analyzing and sharing information. We collaborate with companies and experts in many different domains, embrace diversity and all that while having a good laugh and joy in work.

About Team & Role

Oversight and challenge technology related risks for DataX (a subsidiary of SCBX). Ensure DataX technology & information security (IT & IS) risk management adheres to DataX and SCBX group risk management frameworks, policies and standards.

Work closely with risk owners to identify, assess, treat/mitigate, monitor, and report all IT & IS risks. Assess the effectiveness of IT & IS controls. Develop and maintain communication and collaboration with other risk partners, such as operations, security, data governance (DG), data privacy (DP), as well as with stakeholders across the organization.

This role is part of 2LoD which reports to DataX Chief Risk Officer (CRO).

Your Responsibility

• Operate technology & information security (IT & IS) risks adhere to DataX and SCBX group risk management frameworks, policies, guidelines, processes and procedures, including exception mechanisms. The IT & IS related risks scope for DataX organization and every service which DataX provides to SCBX group companies.

• Work closely with stakeholders across the organization, 1LoD and 2LoD:

• Assist and monitor them to identify potential IT & IS risks, assess impacts, by applying technology risk management tools.

• Ensure the effectiveness of risk mitigation, tailored to the business needs and operations, which should be done in a timely manner.

• Continuous monitoring risk mitigation or any treatment strategies such as exemption or acceptance.

• Assess the effectiveness of IT & IS controls. Implement continuous monitoring of the controls.

• Ensure all technology risk activities are conducted in the GRC tool as centralized repository.

• Oversight technology incidents, analyze the root cause, challenge and monitor the action plans.
• Regular report technology risk indicators and incidents, for effectiveness of risk measurement and early warning for technology risk trends.
• Regularly review the risk register to ensure it covers every area in technology risk taxonomy. Addition to address new and evolving threats and risks.
• Work closely with project owners to perform effectiveness of IT Project Risk management. Assist stakeholders in validating risk assessments, which comprise analyzing, identifying, describing, and quantifying risks that impact all business risks.
• Work with procurement and related functions to enforce IT & IS requirements into third party evaluation process and operate to ensure the effectiveness of IT third party risk management process.
• Incorporate IT & IS risk awareness into new hire orientation, annual training, and other events.

Join the related meetings if need, such as Change Advisory Board (CAB) and/or Technology Steering Committee (TSC).

Qualifications

• Bachelor's degree or higher in Information Technology, Cybersecurity, Risk Management, or a related field.
• Relevant work experience at least 3 years of experience in technology risk management, with a minimum of 3 years in a any technology role. (For the senior specialist, at least 5 years of experience in technology risk management, with a minimum of 3 years in a any technology role.)
• Proficiency in identifying, evaluating, and mitigating technology risks.
• Knowledge of regulatory requirements such as BOT or SEC, and best practices in IT governance.
• Familiarity with risk management frameworks and tools, such as NIST, ISO 27001.
• Ability to effectively communicate risk-related information to stakeholders at all levels both Thai and English.

การบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศของบริษัท เพื่อให้บริษัทสามารถบริหารจัดการความเสี่ยงได้อย่างมีประสิทธิภาพ เป็นไปตามนโยบาย แผนงาน ระเบียบ กฎเกณฑ์ทางการ และกฎหมายที่เกี่ยวข้อง

Job Objective and Responsibilities

• ร่วมจัดทำนโยบาย แนวทางปฏิบัติ เครื่องมือ วิธีการและเทคนิคต่างๆในการบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศ รวมทั้งการรายงานความเสี่ยงด้านเทคโนโลยีสารสนเทศ และการปฏิบัติงานอื่นตามที่ได้รับมอบหมาย เพื่อให้บริษัทสามารถบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศได้อย่างมีประสิทธิภาพ โดยสามารถป้องกัน หรือลดความเสี่ยงลงได้
• การบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศ ของบริษัทให้สอดคล้องตามระเบียบ กฎเกณฑ์ทางการ มาตรฐานต่างๆ และกฎหมายที่เกี่ยวข้อง
• ให้คำแนะนำ และความรู้ในการบริหารความเสี่ยงฯ เพื่อสนับสนุนหน่วยงานต่างๆ มีการบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศเป็นไปตามแนวทางที่กำหนดไว้
• กำกับดูแล สอบทาน การบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศของหน่วยงาน
• ปฏิบัติงานด้านอื่นๆ ตามที่ได้รับมอบหมาย

Job Specification and Qualifications

• วุฒิปริญญาตรีขึ้นไป สาขาเทคโนโลยีสารสนเทศ วิศวกรรมคอมพิวเตอร์ วิทยาศาสตร์คอมพิวเตอร์ วิทยาการการจัดการคอมพิวเตอร์ บริหารธุรกิจคอมพิวเตอร์ หรือ มีประสบการณ์ในงานที่เกี่ยวข้องกับการบริหารความเสี่ยงด้านเทคโนโลยีสารสนเทศโดยตรง
• มีประสบการณ์ทำงานธนาคารหรือสถาบันการเงินหรือธุรกิจบริการด้านการชำระเงิน ตั้งแต่ 5 ปีขึ้นไป
• มีความรู้ด้านเทคโนโลยีสารสนเทศ / ด้านผู้ตรวจสอบด้านเทคโนโลยีสารสนเทศ / ความรู้ด้านการบริหารความเสี่ยง
• มีความรู้ด้านบริการการชำระเงิน ระบบการชำระเงิน และการเงิน การธนาคาร
• มีความเป็นผู้นำ การวางแผน และบริหารจัดกา
• มีทักษะในการวิเคราะห์ ตัดสินใจ และแก้ไขปัญหา
• มีทักษะในการติดต่อประสานงาน การสื่อสาร ให้คำแนะนำ และให้คำปรึกษา
• มีความคิดริเริ่มสร้างสรรค์ และการพัฒนาตนเอง
• มีความรับผิดชอบในงาน ปฏิบัติงานอย่างถูกต้อง ครบถ้วน ในระยะเวลาที่กำหนด
• สามารถทำงานภายใต้ภาวะกดดันได้ดี

About Us

Do you want to be part of Thailand banking transformation? Data is the core of the new financial services era, and we are open for the opportunity to be part to drive this change at the core.

SCB DATAx is a new venture of the Siam Commercial Bank (SCB) holdings, a leading financial services and digital services holdings in Thailand and ASEAN.

As part of the transformation of SCB into a group of product and technology companies, under the SCBx brand, SCB DATAx is the technology company to centralize data and provide AI and data science services and products to the group.

With a leading-edge cloud native data & AI platform, our vision is to support the group to providing everyone in our region with the opportunity to prosper.

We work on forward-thinking challenges of centralizing, analyzing and sharing information. We collaborate with companies and experts in many different domains, embrace diversity and all that while having a good laugh and joy in work.

About Team
& Role

Oversight and challenge technology related risks for DataX (a subsidiary of SCBX). Ensure DataX technology & information security (IT & IS) risk management adheres to DataX and SCBX group risk management frameworks, policies and standards.

Work closely with risk owners to identify, assess, treat/mitigate, monitor, and report all IT & IS risks. Assess the effectiveness of IT & IS controls. Develop and maintain communication and collaboration with other risk partners, such as operations, security, data governance (DG), data privacy (DP), as well as with stakeholders across the organization.

This role is part of 2LoD which reports to DataX Chief Risk Officer (CRO).

Your Responsibility

• Operate technology & information security (IT & IS) risks adhere to DataX and SCBX group risk management frameworks, policies, guidelines, processes and procedures, including exception mechanisms. The IT & IS related risks scope for DataX organization and every service which DataX provides to SCBX group companies.
• Work closely with stakeholders across the organization, 1LoD and 2LoD:
• 1. Assist and monitor them to identify potential IT & IS risks, assess impacts, by applying technology risk management tools.
• 1. Ensure the effectiveness of risk mitigation, tailored to the business needs and operations, which should be done in a timely manner.
• 1. Continuous monitoring risk mitigation or any treatment strategies such as exemption or acceptance.
• 1. Assess the effectiveness of IT & IS controls. Implement continuous monitoring of the controls.
• 1. Ensure all technology risk activities are conducted in the GRC tool as centralized repository.
• Oversight technology incidents, analyze the root cause, challenge and monitor the action plans.
• Regular report technology risk indicators and incidents, for effectiveness of risk measurement and early warning for technology risk trends.
• Regularly review the risk register to ensure it covers every area in technology risk taxonomy. Addition to address new and evolving threats and risks.
• Work closely with project owners to perform effectiveness of IT Project Risk management. Assist stakeholders in validating risk assessments, which comprise analyzing, identifying, describing, and quantifying risks that impact all business risks.
• Work with procurement and related functions to enforce IT & IS requirements into third party evaluation process and operate to ensure the effectiveness of IT third party risk management process.
• Incorporate IT & IS risk awareness into new hire orientation, annual training, and other events.

Join the related meetings if need, such as Change Advisory Board (CAB) and/or Technology Steering Committee (TSC).

Qualifications

• Bachelor's degree or higher in Information Technology, Cybersecurity, Risk Management, or a related field.
• Relevant work experience at least 3 years of experience in technology risk management, with a minimum of 3 years in a any technology role. (For the senior specialist, at least 5 years of experience in technology risk management, with a minimum of 3 years in a any technology role.)
• Proficiency in identifying, evaluating, and mitigating technology risks.
• Knowledge of regulatory requirements such as BOT or SEC, and best practices in IT governance.
• Familiarity with risk management frameworks and tools, such as NIST, ISO 27001.
• Ability to effectively communicate risk-related information to stakeholders at all levels both Thai and English.

IT Risk & Data Risk Specialist

Responsibilities:

• Implement IT Risk Management policies, procedures, standards, and guidelines to effectively manage IT and Data Risk.
• Conduct and perform IT RCA (Risk and Control Assessment) with control testing and follow up the action plan, perform CRAF (Cyber Resilience Assessment Framework), and RLA (Risk Level Assessment) processes.
• Provide recommendations and consultation to IT Risk owners regarding products, processes, and operations related to IT Risk.
• Support the design and execution of supervisory stress testing for IT risks, ensuring compliance with regulatory requirements.
• Oversee the annual review of ISO 27001 compliance and provide guidance to IT risk owners.
• Review and assess IT risks for new products, providing recommendations to mitigate potential risks.
• Investigate and analyze root causes of IT incidents, providing insights and solutions for improvement.
• Support IT and Data Risk Management team by contributing initiatives.
• Prepare IT risk reports for management and external regulators as required.
• Evaluate and provide recommendations on IT Project and IT Third-Party Risk Assessments and ensure compliance with regulations.
• Participate in Business Continuity Management (BCM) activities, including disaster recovery plan exercises to ensure operational resilience.
• Perform additional tasks assigned by the supervisor.

Qualifications:

• Bachelor's or Master's degree in related or equivalent domain, preferably in IT, Cybersecurity, Computer Engineering, Computer Science.
• At least 5-8 years of experience in IT Risk Management, IT Security, IT Audit, Data Governance, MIS, or related fields.
• Experience in banking, financial services, or consulting firms is required.
• Strong understanding of IT Risk Management, Data Risk, IT governance, Cybersecurity and related fields.
• Good knowledge and understanding related laws and regulations.
• Excellent interpersonal, analytical, presentation, and communication skills.
• High awareness of emerging data protection tools, methodologies, and technology trends.

Work You Will Do

As a GRC Technology Consultant, you will be part of our Governance, Risk, and Compliance (GRC) team, supporting the delivery of technology-enabled risk transformation projects. In this role, you will perform a functional consultant capacity by gathering business requirements, contributing to the design, implementation, and enhancement of the Information Technology Risk Management (ITRM) module within our GRC platform.

You will act as a bridge between business stakeholders, risk management teams, and the system implementation team, ensuring effective design, testing, and deployment of ITRM functionalities. Your work will align with established risk management frameworks, regulatory requirements, and industry best practices to enable a robust and sustainable risk management environment.

Key Responsibilities

•    Gather business and regulatory requirements from stakeholders.

•    Provide advisory on Information Technology Risk Management to support good design of system functionality to ensure design aligning with relevant regulatory requirement and good practice.

o   Information Technology Risk Management Framework and Matrix

o   Information Technology Risk Management Workflow from end to end including identification, assessment, monitoring, escalation and reporting.

o   Information Technology Risk Indicators

o   Information Technology Risk Inventory and Controls

o   Information Technology Asset (application, devices, IT asset etc.) and Mapping with Control

o   Information Technology Risk Dashboard

o   IT Incident Management Activities from end-to-end process

•    Translate requirements into system specifications and user stories.

•    Prepare documentation including Requirement Traceability Matrix (RTM), Functional Specification Document (FSD), and process flows.

•    Support design, configuration, and integration of the ITRM module within the GRC platform.

•    Develop and execute test cases and UAT scripts for ITRM module.

•    Support accuracy and completeness of data migration and system outputs.

•    Document test results, track defects, and support resolution.

•    Create training materials such as manuals, quick guides, and e-learning modules.

•    Deliver user training sessions and provide adoption support.

Qualifications

•    Bachelor's or Master's degree in Business Administration, Risk Management, Finance, Information Systems, or related field.

For Consultant Level

•    1–3 years of experience in GRC, Internal Audit, or Risk Advisory, preferably in the financial services sector.

For Senior Consultant Level

•    5–8 years of experience in GRC, Internal Audit, or Risk Advisory, preferably in the financial services sector.

•    Strong knowledge of IT Risk Management frameworks and regulatory standards (e.g. ISO, NIST, COBIT, Basel, or BOT).

•    Experience with GRC platforms (RSA Archer, SAP GRC, MetricStream, or equivalent) is a plus.

•    Archer Certified Administrator (Specialist/Expert), ServiceNow CIS (Risk & Compliance), or equivalent certification is a plus.

•    Proficiency in business analysis, documentation, and stakeholder facilitation.

•    Strong problem-solving, analytical, and communication skills.

•    Professional certifications such as GRC, CISA, CRISC, CISM, CISSP are highly desirable.

Technical Skills

•    Exposure to GRC/IRM platforms such as Archer, ServiceNow, or MetricStream.

•    Understanding of workflows, reporting, and dashboard.

•    Proficiency in Microsoft Excel and PowerPoint for analysis and reporting.

Soft Skills

•    Analytical and detail-oriented mindset with the ability to work on multiple projects simultaneously.

•    Strong written and verbal communication, able to engage both technical and business stakeholders.

•    Team-oriented with a willingness to learn and adapt to dynamic client environments.

•    Ability to work in structured consulting environments with deadlines and deliverables.

Industry Focus: FSI

Exposure to banking, asset management, digital asset, insurance, and financial services risk and compliance processes. Understanding of significant risk and compliance domain for specific industry.